letsencrypt on nginx and non-www https to www https redirect

Question

I setup a letsencrypt SSL cert on a webserver running Nginx.

http to https redirect for both non-www and www work fine. Going directly to https://www.example.com works. https non-www does not work and the browser returns connection refused.

So: http://example.com to https://www.example.com

http://www.example.com to https://www.example.com

work

https://example.com to https://www.example.com

does not work

my site conf is

server {
 listen 80;
 server_name example.com www.example.com;
 return 301 https://www.example.com$request_uri;
}

server {
  listen 443 ssl http2;
  server_name example.com;

  #ssl certs locations etc.

  return 301 https://www.example.com$request_uri;
}

server {
  listen 443 ssl http2;
  server_name www.example.com;

  #ssl certs locations etc.

  #rest of main block
}

The letsencrypt cert was created with the command (certbot-auto because the server is running an older linux distro):

certbot-auto certonly -n -a webroot --webroot-path=[path to webroot] -d example.com -d www.example.com --email foo@example.com --agree-tos

Having looked at other similar questions, the nginx conf should work. It is my understanding that how I created the cert means that there is a cert for example.com and www.example.com.

When I load the website and view the cert both are listed under Subject Alternative Name.

Answer 1

Solved. Turned out to be a DNS setting issue. There was a registrar bespoke domain forwarder for example.com to www.example.com. Removing that and adding an A record for example.com fixed everything.